Thank you Berin. This was very helpful. -Mike
> -----Original Message----- > From: Berin Loritsch [mailto:[EMAIL PROTECTED]] > Sent: Monday, March 11, 2002 9:02 AM > To: JMeter Developers List > Subject: Re: itchy fingers > > > Stover, Michael wrote: > > No hurry - I'm not expecting you to fix anything, just make > a comment to > > clarify them, if possible. > > The first one, Bug #5710 is a user error. It may not be > clear enough in > the SSLManager docs I wrote, but you must have a copy of the > public key > of the site you are accessing *especially* if it does not > originate from > any of the public keys that are shipped with JSSE. > > The technique I use is to create a JKS KeyStore named "jssecacerts". > I place that in the ${JAVA_HOME}/jre/lib/security/ directory. The > JSSE system will pick that up before the other cacerts file. > > In that keystore, you need the Certificate Authority (CA) certificate > and the site's certificate. If the site uses a self produced CA cert, > then they also have to be careful with certain attributes of the cert. > > I had JSSE choking on me because the CA Cert of the site I was testing > had an attribute named OID=48.25.93.22 or something similar. > JSSE does > not like an explicitly named OID with decimal points--don't use it. > > > The second bug, Bug #5770 I suspect to be a deficiency in the JDK that > the user is using. It can be something between his Linux kernel and > the Sun JDK code, or it can be bad JDK code. > > The problem with SecureRandom is that it uses random thread timings > to produce a random result. Theorhetically it seeds the random number > generator well. Unfortunately, it is possible that the thread > contention intentionally invoked by the SecureRandom in JDK 1.4 caused > a deadlock on the user's machine. > > In order to get around this problem, I suggest you make the > SecureRandom > class implementation pluggable. That way we don't have to worry about > Sun's implementation. If a Linux box has a harware random noise > generator, it would be better to use that to seed the SecureRandom. > Therefore, we should be able to specify > javax.secure.Random=DevRndRandom > or something similar. > > The "DevRndRandom" we specified can read the first 1024 bytes from > /dev/rnd or /dev/snd (there are ways of inducing noise through the > microphone). That would be enough to get a truly randomly generated > seed. > > It is possible that the BlackDown JDK has detected the bug that Sun > released and fixed it already. > > > > > > >>-----Original Message----- > >>From: Berin Loritsch [mailto:[EMAIL PROTECTED]] > >>Sent: Thursday, March 07, 2002 10:40 AM > >>To: JMeter Developers List > >>Subject: Re: itchy fingers > >> > >> > >>Stover, Michael wrote: > >> > >>>Thanks Berin, I appreciate that. BTW, have you checked out > >>> > >>the bugs on > >> > >>>bugzilla that refer to SSL stuff? Maybe you could spare a > >>> > >>moment and read > >> > >>>them and just comment on them (in bugzilla) to help me > >>> > >>understand them - I > >> > >>>don't even know if they're valid bugs! > >>> > >>Ok. I will try to get to them this weekend--I have an > >>incredibly insane > >>schedule. > >> > >> > >>>-Mike > >>> > >>> > >>> > >>>>-----Original Message----- > >>>>From: Berin Loritsch [mailto:[EMAIL PROTECTED]] > >>>>Sent: Thursday, March 07, 2002 10:32 AM > >>>>To: JMeter Developers List > >>>>Subject: Re: itchy fingers > >>>> > >>>> > >>>>Stover, Michael wrote: > >>>> > >>>> > >>>>>I'm having difficulty restraining myself from getting to > >>>>> > >>>>> > >>>>work on JMeter > >>>> > >>>> > >>>>>wholesale. On one machine, I've already implemented > >>>>> > >>>>> > >>>>cut/copy/paste/ and Add > >>>> > >>>> > >>>>>Parent, and I'd like to add an insert ability and get rid > >>>>> > >>>>> > >>>>of the annoying > >>>> > >>>> > >>>>>"getAddList()" method from JMeterComponentModel. I've > been writing > >>>>>documentation like a mad man, but there's only so much of > >>>>> > >>>>> > >>>>that I can take. > >>>> > >>>> > >>>>>Jim Boucher and I have been trying to get 1.7beta3 out the > >>>>> > >>>>> > >>>>door, with 1.7.x > >>>> > >>>> > >>>>>production release to soon follow once documentation is > >>>>> > >>done. Well, > >> > >>>>>documentation is about as done as I'm going to make it for > >>>>> > >>>>> > >>>>now, and we're > >>>> > >>>> > >>>>>still trying to get people's responses to beta3. As far as > >>>>> > >>>>> > >>>>I'm concerned, > >>>> > >>>> > >>>>>the production release is done and ready to go. > >>>>> > >>>>>Does anyone have any concerns that need to be addressed > >>>>> > >>>>> > >>>>before a release is > >>>> > >>>> > >>>>>made? > >>>>> > >>>>> > >>>>Not now. You've done an excellent job. (I just wish I > >>>> > >>could provide > >> > >>>>more help, but unfortunately I am no longer getting paid to > >>>> > >>work on it > >> > >>>>full time). > >>>> > >>>> > >>>> > >>>> > >>>>-- > >>>> > >>>>"They that give up essential liberty to obtain a little > >>>>temporary safety > >>>> deserve neither liberty nor safety." > >>>> - Benjamin Franklin > >>>> > >>>> > >>>>-- > >>>>To unsubscribe, e-mail: > >>>> > >>>> > >>><mailto:[EMAIL PROTECTED]> > >>>For additional commands, e-mail: > >>> > >><mailto:[EMAIL PROTECTED]> > >> > >>>-- > >>>To unsubscribe, e-mail: > >>> > >><mailto:[EMAIL PROTECTED]> > >> > >>>For additional commands, e-mail: > >>> > >><mailto:[EMAIL PROTECTED]> > >> > >>> > >> > >> > >>-- > >> > >>"They that give up essential liberty to obtain a little > >>temporary safety > >> deserve neither liberty nor safety." > >> - Benjamin Franklin > >> > >> > >>-- > >>To unsubscribe, e-mail: > >><mailto:[EMAIL PROTECTED]> > >>For additional commands, e-mail: > >><mailto:[EMAIL PROTECTED]> > >> > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > > > -- > > "They that give up essential liberty to obtain a little > temporary safety > deserve neither liberty nor safety." > - Benjamin Franklin > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
